CVE-2009-3649

Name of the Vulnerable Software and Affected Versions Power Bulletin Board versions 2.0.2 and earlier

Description A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the id parameter in a "new topic" action. This occurs in the forums/index.php file.

Recommendations For Power Bulletin Board versions 2.0.2 and earlier, update to a version that fixes this issue, as using the id parameter in the "new topic" action of the forums/index.php file can lead to arbitrary web script or HTML injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.